CSRF Web Vulnerabilities – Nikita Makeyev
Transcript of CSRF Web Vulnerabilities – Nikita Makeyev
Welcome
Cross Site Request Forgery (CSRF)
Nikita Makeyev, CoreCommerce
ASK: How many freelancers? ASK: How many business owners?
Cross Site Request What?
* Cross Site Request Forgery
* CSRF
* XSRF
* One-Click Attack
* Session Riding
How Does It Work?
Step 1:
Attacker finds a website that:
* performs an action upon a GET request, OR
* performs an action upon a POST request but doesn't differentiate between POST and GET data
How Does It Work?
Step 2: Attacker constructs a string that simulates a server action request and includes it as a src of an image or a script on a bunch of sites - blogs, forums, malicious sites, etc.
How Does It Work?
Step 3: Legitimate user accesses https://www.mybank.com/account.php, logs in and then happens to visit one of the compromised pages.
How Does It Work?
Step 4: Attacker checks https://www.mybank.com/account.php every day and attempts to use the forgot password feature using [email protected]
What Makes It Possible?
* Web developers aren't as familiar with this vulnerability as some other ones (XSS, SQL injection)
* Site relying on user identity
* Attacker able to find a form submission or a URL that performs an action
* Attacker must lure the victim to a page with malicious code
Why Is It Dangerous?
* Undetectable by automated scanners
* No damage ceiling
* The attack is silent
* Easily mountable
* Combines with XSS
How Do I Prevent It?
* Do not use REQUEST (it merges GET and POST data)
* Only use POST to initiate actions
* Check the HTTP Referer header
* Use a random, server-generated, user-specific token in all form submissions
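As an added example (not code from the talk or from CoreCommerce), here is the prevention checklist above applied in Python to a hypothetical account.php-style action handler; the request dict shape, SITE_ORIGIN and the three sample requests are constructed assumptions, not a framework API.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://www.mybank.com"   # the bank from the slides; assumed to be our own origin

def issue_token(session: dict) -> str:
    """Create, once per session, the random server-generated token to embed in every form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def referer_ok(headers: dict) -> bool:
    """Accept only requests whose Origin or Referer names our own site (exact origin match)."""
    ref = headers.get("Origin") or headers.get("Referer")
    if not ref:
        return False
    p = urlsplit(ref)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def is_forged(request: dict, session: dict) -> bool:
    """True if a state-changing request must be rejected; request is a constructed dict
    with keys "method", "headers", "get", "post" (hypothetical shape)."""
    # 1. Only POST may trigger an action, and parameters are read from the POST body
    #    alone; a merged GET+POST bag (REQUEST) would let an <img src> URL supply them.
    if request["method"] != "POST":
        return True
    # 2. Referer/Origin must point at our own site.
    if not referer_ok(request["headers"]):
        return True
    # 3. The form must carry this session's token; compare in constant time.
    expected = session.get("csrf_token", "")
    supplied = request["post"].get("csrf_token", "")
    return not expected or not hmac.compare_digest(expected.encode(), supplied.encode())

def demo() -> dict:
    """Run three constructed requests through the check and report which are rejected."""
    session = {}
    token = issue_token(session)
    foreign = {"Referer": "https://blog.example/post"}      # constructed third-party page
    own = {"Referer": SITE_ORIGIN + "/account.php"}
    image_src = {"method": "GET", "headers": foreign, "post": {},
                 "get": {"action": "change_email", "email": "x@example.invalid"}}
    hidden_form = {"method": "POST", "headers": foreign, "get": {},
                   "post": {"action": "change_email", "email": "x@example.invalid"}}
    legitimate = {"method": "POST", "headers": own, "get": {},
                  "post": {"action": "change_email", "csrf_token": token}}
    return {"image_src": is_forged(image_src, session),
            "hidden_form": is_forged(hidden_form, session),
            "legitimate": is_forged(legitimate, session)}
```

The token check is the control to rely on; the Referer check is only a secondary layer, because browsers and proxies may strip the header, in which case this code rejects the request.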